Cyber Incident Victim: Bundesagentur für Arbeit
Date: Mar 2025
Location: Germany
Summary
Bundesagentur für Arbeit reported that criminals attempted to divert benefit payments by altering the bank account details of clients through compromised personal devices. In response, the agency temporarily disabled the online function for entering or changing IBAN numbers and address data to protect itself and its users. A three‑digit number of customer profiles showed unauthorized changes, but no funds were transferred to the altered accounts. The agency filed a police complaint and notified the federal data protection officer and the Federal Office for Information Security.
Description
Criminals targeted customers of the Bundesagentur für Arbeit by attempting to change their bank account information in order to divert benefit payments. The attackers gained access to client profiles and modified the IBAN numbers associated with those accounts. This activity was detected by the agency’s internal IT monitoring systems. Unauthorized changes to account details were observed in a three‑digit number of customer profiles.

In response, the Bundesagentur für Arbeit temporarily disabled the online function that allows users to enter or change IBAN account numbers and address details in its benefit application forms. A spokesperson in Nuremberg confirmed that the measure was taken to protect both the authority and its clients from further fraudulent attempts. The agency filed a criminal complaint with law enforcement and notified the Federal Data Protection Commissioner and the Federal Office for Information Security about the incident. According to the agency’s initial findings, no payments were actually transferred to the altered bank accounts.

As a result, the Bundesagentur für Arbeit currently cannot accept online applications for monetary benefits such as unemployment benefits. The agency has confirmed that, to date, no payments have been made to the altered bank accounts. The incident has been reported to law enforcement and the relevant data protection and IT security authorities.
